Third party data has been subject to great scrutiny since GDPR came into force. We speak to industry insiders and data privacy experts to find out the level of risk and how it can be sourced safely and responsibly.
While the weather was clement and the Thames still, some of the questions posed by audience members suggested choppy waters ahead for data-driven marketers. One brave gentleman even dared mention the ‘B’ word.
Before we sail over to the Q&A highlights, the chief aim of the event was to launch ‘The DPN Rosemary Smith Award for Responsible Marketing.’
Rosemary, who passed away earlier this year, made a significant contribution to the marketing and data industries, both as influencer and thought-leader. The new award recognises ‘a contribution made to responsible marketing, giving a team or an individual credit for a creative and privacy aware project or initiative.’
Entry is free and the winners will receive £1,000 and a trophy. All entrants will be eligible for access to 15% discount on training at the IDM (Institute of Data and Marketing). Click here for full details.
“Good governance and responsible marketing is an asset”
“It’s evolved hugely in my time,” she reflected aboard the HQS Wellington. “Companies have had to think about how their brand looks to the outside world: their customers, their consumers, their interested parties, their competitors. Boards have begun to realise that good governance and responsible marketing is an asset to the business rather than a cost centre. That’s been a gradual change – we’re not there yet but GDPR is helping drive it along.
“Transparency is at the heart of GDPR. It’s sometimes counter-intuitive commercially for companies but they’ve begun to realise that if they don’t [be transparent] they’ll be left behind because their consumers are pretty smart.
“Years ago I did a presentation called The Smarter More Demanding Consumer. After 25 years, I’m just beginning to see that coming to fruition over the last five years. People are becoming more aware of the value of their data. They know their rights and they want to work with companies who are ethical in making sure that their data’s safe and that it’s used in the right way, not for the wrong purposes. They want to know it’s not shared either unwittingly or on purpose because trust out there is quite low.
“It’s up to us as an industry to try and build that trust up to a point where the data value exchange that we were talking about today becomes a reality.
“Without customers we’re nowhere so let’s keep them. Let’s treat them fairly and transparently, and respond to their wishes and make sure that forms the partnership between the brand and the consumer.”
I think we can all raise a glass to that.
Data Privacy Question Time round-up
Before the award launch, a panel of experts answered questions on some of the big data privacy issues facing data-driven organisations today. The Data Privacy Question Time was chaired by Robert Bond, Partner at Bristows LLP and Chairman of the DPN.
The event was governed by ‘Chatham House Rules’, but here’s a flavour of some of the key talking points.
Q. Will there be a spike in claims as a result of tightening data protection regulations?
A. All members of the panel agreed this was a concern. The dual impact of increased awareness and data privacy activism were certain to lead to increased claims. But there were also worries that the ambulance-chasers of the data privacy world would try to hijack the issue and make a quick buck from immature data governance frameworks grappling with legislative change.
One panellist warned that the potential for speculative claims should be “high on the risk register” for data-driven organisations.
Q. Did preparation for GDPR focus too much on data governance instead of data security?
A. The introduction of GDPR shone a spotlight on how cyber security had been the focus up until that point, said one data protection expert. GDPR helped redress the balance and provide the impetus to build upon cyber security and place the issue of privacy on a more equal footing with protection.
But it was also argued that data governance and data security are now inextricably linked. In the event of a cyber attack data governance is important. The ICO will be asking questions about what procedures you had in place to protect your data and systems.
Q. How important is individual responsibility when it comes to data breaches following a rise of ICO prosecutions on individuals?
A. There have been an increasing number of £5,000 fines handed out to individuals who have been responsible for data breaches. It’s a career defining moment for those people and it should serve as a wake-up call.
The ICO are spreading their luck, it was suggested. They’re not just going after the big businesses, they are also targeting smaller businesses too. They’re trying to make clear that smaller businesses need to comply and pay as much attention as larger companies. It’s a warning to everyone.
Q. What will the ramifications of Brexit be for data driven organisations?
A. If we crash on a no-deal we’ll be a third country and we have no adequacy in place. It takes years to get adequacy in place. But if there’s a deal there’ll be a transition period.
It took Japan three to four years to get adequacy. But a deal at least gives you time to rearrange things – said another respondent.
It was noted that a lot of business leaders still had their heads in the sand. Preparing for Brexit was possible but for big companies a lot of sign-off was required.
All panel members agreed that the administrative burden would be high
Q. What do you think about the localisation of data protection laws around the world – and how it will impact organisations?
When you look at data protection laws around the world, there’s a sense of direction, said Robert Bond. GDPR is influencing other regulations around the world so all the investment you’ve put into GDPR is worth it. It’s good preparation for compliance in other territories.
There was general agreement that undertaking the data governance processes required for GDPR will provide organisations with the tools to comply in other territories.
Q. How do we raise standards in the data protection advice/services industry to ensure good advice is being given out?
A. Pre-GDPR we saw a lot of companies hiring data protection professionals out of desperation, came one response. It led to individuals and companies exploiting this demand and garnering inflated fees for services which didn’t necessarily offer the best advice. It’s likely to happen again when ePrivacy comes along. It requires people like us to help educate and put good guidance out there.
More people needed to be encouraged to take training courses and there needed to be a trade body to certify data protection practitioners.
The event was a fitting way to launch the Rosemary Smith Award for Responsible Marketing. Informed speakers, great questions and a lovely venue.
Got an opinion? We’d love to hear it! Please share you thoughts in the comments below.
Please register below to unlock this article.
An email will be sent to you with your membership details.